Published on January 21st, 2022 📆 | 2405 Views ⚑
0Biden gets praise on cybersecurity despite ransomware persistence
When Joe Biden took office, he already had a laundry list of cybersecurity issues to address.Â
Just a month before, private companies and government officials had discovered that Russia had spent more than a year conducting one of the most effective cyberespionage campaigns against the United States in history by hacking the small Austin software company SolarWinds and using its products to gain access to nine federal agencies and hundreds of companies.Â
Soon after, Chinese spies began exploiting a devastating software flaw in Microsoftâs Exchange email program, which mysteriously and quickly fell into the hands of scores of criminal hackers who started using it to attack organizations around the world.
And while ransomware was a rapidly escalating problem before Biden took office, it became undeniable last year. Hackers, often operating with seeming impunity within Russia, extorted U.S. hospitals, schools, a major oil pipeline company and the countryâs largest beef distributor.
A year later, experts say, the Biden administration has done a decent job with cybersecurity policy, filling crucial roles and hardening the countryâs infrastructure cybersecurity. But they also warn that ransomware hackers will likely continue to target Americans, and that Congress hasnât helped the countryâs security as much as it could.
âOverall, I give them very high marks,â said Michael Daniel, who served as President Barack Obamaâs chief cybersecurity adviser and is currently the head of the Cyber Threat Alliance, a cybersecurity industry trade association. âThey assembled a real A-team, and they did so at the very top.â
A hallmark of Bidenâs cybersecurity efforts is a sweeping executive order, issued in May, removing some roadblocks that private companies can face in sharing information with the government, and demanding better security standards from software companies that sell to federal agencies.
Trey Herr, the head of the Cyber Statecraft Initiative at the Atlantic Council, a Washington think tank, said the executive order was useful, but created some of its own problems.
âThe May EO was sort of the best and worst of times,â he said. âIt was ambitious. It was unusually technical. It called out some important areas that hadnât seen attention in a while like software security and supply chain security. And it made an effort to identify both who would develop policy and who would take action as a result of it, rather than just chucking lots of reports into the air.â
âThe problem I think is that first, it was incredibly aggressive in its timelines. It threw an incredible amount of work at NIST. Second, is it didnât really anchor who would be accountable for these outcomes,â he said, referring to the National Institute of Standards and Technology.
The White House followed up that executive order with emergency cybersecurity regulations, issued by the Transportation Security Administration, for the pipeline industry and then rail and aviation sectors to bolster their defenses.
Anne Neuberger, whom Biden appointed as the National Security Councilâs cyber lead, said that was the result of the White House pulling out all the stops to quickly demand more cybersecurity from U.S. critical infrastructure operators without waiting for Congress.
âWe really scrubbed all U.S. government authorities and identified that TSA had emergency authorities, in the aftermath of Colonial Pipeline, to set those cybersecurity standards,â she said in a phone interview.
In June, thanks to an act of Congress, Biden appointed Chris Inglis as the first White House national cyber director, a position designed to coordinate various agenciesâ at times conflicting goals with cybersecurity. That has led to some confusion and perceived turf wars with the National Security Council, which in the past has held that responsibility, though Neuberger downplays the idea theyâre in conflict.
âChris and I discussed it, and first, thereâs enough work for everyone,â she said. âWe work very closely together. We meet regularly.â
A requirement for critical infrastructure operators to disclose to the federal government when theyâve been hacked, long a priority for cybersecurity hawks and a goal of the White House, failed in the Senate in December, however.
Ransomware, though, is still a major challenge. The White House has implemented a number of tactics to try to reduce it, including coordinating with countries such as Poland, South Korea and Ukraine to arrest and at times extradite alleged hackers and sanctioning the cryptocurrency companies that allegedly launder the money extorted.Â
Still, ransomware hackers were roughly as prolific in 2021 as they were in the previous two years, according to an annual survey from the cybersecurity company Emsisoft.
It wasnât until last week that Russia finally took the step of publicly arresting members of REvil, one of the most notorious ransomware gangs, a move the White House framed as a win.
At least some ransomware hackers have been rattled by the arrests, said Dmitri Alperovitch, the chair of the Silverado Policy Accelerator, a think tank for government technology policy
âIt is absolutely reverberating through the e-crime ecosystem, and I think at least in the short term will likely result in a slowdown of attacks,â he said.
The timing of the shift is notable, Alperovitch added. The fact that the Kremlin waited until last week to take action signals that Russia is only willing to cooperate with the U.S. on ransomware as long as the countries arenât openly clashing on Ukraine, he said. Biden has predicted Russia will invade Ukraine.
âWhy did the Russians do this and why did they do this now?â Alperovitch said. âIt sends a signal in my mind that this is ransomware diplomacy, that theyâre going to be willing to cooperate with us on ransomware but not at the expense of more sanctions.â
âOverall, Iâm not hopeful,â he said. âI think the relationship with Russia is completely broken.â
Lauren Zabierek, the executive director of the Cyber Project at Harvardâs Belfer Center, said Biden has made cybersecurity strategy a priority, but thereâs far more work to be done.
âWhat strikes me is he cares very much about this and I think itâs very important to him, so I think heâs put a lot of effort into various things to strengthen cybersecurity,â she said.Â
âHopefully this puts us on a path to greater resilience, but I think itâs a very long road,â Zabierek said.
Gloss